Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 8 Aug 2016 17:39:35 +0300
From: Kirill Zaitsev <>
Subject: RCE vulnerability in Openstack Murano using insecure YAML tags

RCE vulnerability in Openstack Murano using insecure YAML tags

:Date: June 23, 2016
:CVE: CVE-2016-4972

- Murano: <=2015.1.1; <=1.0.2; ==2.0.0
- Murano-dashboard: <=2015.1.1; <=1.0.2; ==2.0.0
- Python-muranoclient: <=0.7.2; >=0.8.0<=0.8.4

Kirill Zaitsev from Mirantis reported a vulnerability in OpenStack
Murano applications processing. Using extended YAML tags in Murano
application YAML files, an attacker can perform a Remote Code
Execution attack.

Vulnerability has been verified in all currently supported branches.
Further examination of code suggest, that it is also present in kilo and
juno versions of murano.

- (Liberty)
- (Liberty)
- (Liberty)
- (Mitaka)
- (Mitaka)
- (Mitaka)
- (Newton)
- (Newton)
- (Newton)

- Kirill Zaitsev from Mirantis (CVE-2016-4972)


- Fixes for this bug are going to be included in the upcoming releases
  of murano 1.0.3(liberty), 2.0.1(mitaka), 3.0.0(newton) and   
  python-muranoclient 0.7.3(liberty), 0.8.5(mitaka), 0.9.0(newton)

Kirill Zaitsev
Murano Project Technical Lead
Content of type "text/html" skipped

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ